]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
fix TLS timeout recovery
authorEvan Hunt <each@isc.org>
Wed, 21 Apr 2021 17:28:26 +0000 (10:28 -0700)
committerEvan Hunt <each@isc.org>
Thu, 22 Apr 2021 19:08:04 +0000 (12:08 -0700)
the destruction of the socket in tls_failed_read_cb() needs to be
conditional; if reached due to a timeout on a timer that has
subsequently been reset, the socket must not be destroyed.

lib/isc/netmgr/tlsstream.c

index a68838a77555c15ed4345270afac5c94c9e92f86..07f3d264275299d4cc7b250534ca33f6e2733464 100644 (file)
@@ -168,7 +168,10 @@ tls_senddone(isc_nmhandle_t *handle, isc_result_t eresult, void *cbarg) {
 
 static void
 tls_failed_read_cb(isc_nmsocket_t *sock, const isc_result_t result) {
+       bool destroy = true;
+
        REQUIRE(VALID_NMSOCK(sock));
+       REQUIRE(result != ISC_R_SUCCESS);
 
        if (!sock->tlsstream.server &&
            (sock->tlsstream.state == TLS_INIT ||
@@ -188,14 +191,22 @@ tls_failed_read_cb(isc_nmsocket_t *sock, const isc_result_t result) {
                req = isc__nm_uvreq_get(sock->mgr, sock);
                req->cb.recv = sock->recv_cb;
                req->cbarg = sock->recv_cbarg;
-               req->handle = NULL;
                isc_nmhandle_attach(sock->statichandle, &req->handle);
-               isc__nmsocket_clearcb(sock);
+               if (result != ISC_R_TIMEDOUT) {
+                       isc__nmsocket_clearcb(sock);
+               }
                isc__nm_readcb(sock, req, result);
+               if (result == ISC_R_TIMEDOUT &&
+                   isc__nmsocket_timer_running(sock->outerhandle->sock))
+               {
+                       destroy = false;
+               }
        }
 
-       isc__nmsocket_prep_destroy(sock);
-       isc__nmsocket_detach(&sock);
+       if (destroy) {
+               isc__nmsocket_prep_destroy(sock);
+               isc__nmsocket_detach(&sock);
+       }
 }
 
 static void
@@ -520,6 +531,7 @@ tls_readcb(isc_nmhandle_t *handle, isc_result_t result, isc_region_t *region,
                tls_failed_read_cb(tlssock, result);
                return;
        }
+
        tls_do_bio(tlssock, region, NULL, false);
 }